TY - GEN
T1 - Optimization of NIDS placement for protection of intercommunicating critical infrastructures
AU - Puzis, Rami
AU - Klippel, Marius David
AU - Elovici, Yuval
AU - Dolev, Shlomi
N1 - Funding Information:
Research is partially supported by Deutsche Telekom AG.
PY - 2008/12/1
Y1 - 2008/12/1
N2 - Many Critical Infrastructures (CI) use the Internet as a means of providing services to citizens and for dispatching their own transactions. CIs, like many other organizations connected to the Internet, are prone to cyber-attacks. The attacks can originate from their trusted customers or peer CIs. Distributed network intrusion detection systems (NIDS) can be deployed within the network of national Network Service Providers to support cyber-attack mitigation. However, determining the optimal placement of NIDS devices is a complex problem that should take into account budget constraints, network topology, communication patterns, and more. In this paper we model interconnected CIs as a communication overlay network and propose using Group Betweenness Centrality as a guiding heuristic in optimizing placement of NIDS with respect to the overlay network. We analyze the effectiveness of the proposed placement strategy by employing standard epidemiological models and compare it to placement strategies suggested in the literature.
AB - Many Critical Infrastructures (CI) use the Internet as a means of providing services to citizens and for dispatching their own transactions. CIs, like many other organizations connected to the Internet, are prone to cyber-attacks. The attacks can originate from their trusted customers or peer CIs. Distributed network intrusion detection systems (NIDS) can be deployed within the network of national Network Service Providers to support cyber-attack mitigation. However, determining the optimal placement of NIDS devices is a complex problem that should take into account budget constraints, network topology, communication patterns, and more. In this paper we model interconnected CIs as a communication overlay network and propose using Group Betweenness Centrality as a guiding heuristic in optimizing placement of NIDS with respect to the overlay network. We analyze the effectiveness of the proposed placement strategy by employing standard epidemiological models and compare it to placement strategies suggested in the literature.
KW - Communication infrastructure protection
KW - Epidemic models
KW - NIDS placement
UR - http://www.scopus.com/inward/record.url?scp=58849140833&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-89900-6_20
DO - 10.1007/978-3-540-89900-6_20
M3 - Conference contribution
AN - SCOPUS:58849140833
SN - 3540898999
SN - 9783540898993
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 191
EP - 203
BT - Intelligence and Security Informatics - First European Conference, EuroISI 2008, Proceedings
T2 - 1st European Conference on Intelligence and Security Informatics, EuroISI 2008
Y2 - 3 December 2008 through 5 December 2008
ER -
